Penetration Testing mailing list archives
internal network mapping & traversal
From: lister () lihim org
Date: Mon, 22 Sep 2008 15:10:25 -0500
What techniques have you found useful for mapping out a network from a starting position? An internal network could use all RFC 1918 networks 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 Basically if you are dropped into an internal network (general dhcp user workstations), what would be good starting points to discover what networks are available and the paths through the network. I would assume that there is a way to determine what networks you have access to and determine which network devices you will need to bypass (ie. all packets stop at X network devices, which may be some type of firewall/routeracl, etc). Getting on the network you would have DHCP and the provided information (gw, dns, etc), but what about determining other networks used internally? Is this just trial and error with network probing? Do you run multiple traceroutes against different IP addresses to find the network gateways/firewalls? ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- internal network mapping & traversal lister (Sep 22)
- Re: internal network mapping & traversal Trygve Aasheim (Sep 23)
- Re: internal network mapping & traversal Paul Melson (Sep 23)
- <Possible follow-ups>
- Re: internal network mapping & traversal Robert E. Lee (Sep 23)
- Re: internal network mapping & traversal Paul Melson (Sep 23)
- Message not available
- RE: internal network mapping & traversal Paul Melson (Sep 24)
- Re: internal network mapping & traversal Paul Melson (Sep 23)